Firewall-1 Security Vulnerabilities and Issues — Firewall-1 CVE List

Lucene search

CheckpointFirewall-1

20 matches found

CVE•added 2004/11/23 5:0 a.m.•109 views

CVE-2004-0079

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

7.5CVSS7.1AI score0.02058EPSS

CVE•added 2000/04/25 4:0 a.m.•64 views

CVE-1999-0895

Firewall-1 does not properly restrict access to LDAP attributes.

7.5CVSS6.9AI score0.00552EPSS

CVE•added 2004/09/28 4:0 a.m.•55 views

CVE-2004-0699

Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.

7.5CVSS8.1AI score0.17799EPSS

CVE•added 2005/11/18 9:3 p.m.•52 views

CVE-2005-3673

The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which o...

7.8CVSS6.6AI score0.09317EPSS

CVE•added 2001/01/22 5:0 a.m.•49 views

CVE-2000-0804

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."

7.5CVSS6.8AI score0.00351EPSS

CVE•added 2000/03/22 5:0 a.m.•45 views

CVE-2000-0150

Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.

7.5CVSS6.7AI score0.00454EPSS

CVE•added 2007/02/27 2:0 a.m.•45 views

CVE-2004-2679

Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information.

7.8CVSS6.6AI score0.00343EPSS

CVE•added 2000/10/20 4:0 a.m.•43 views

CVE-2000-0779

Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.

7.5CVSS6.8AI score0.00351EPSS

CVE•added 2000/10/13 4:0 a.m.•42 views

CVE-2000-0116

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra

7.5CVSS7AI score0.0322EPSS

CVE•added 2001/01/22 5:0 a.m.•38 views

CVE-2000-0808

The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."

7.5CVSS6.9AI score0.00515EPSS

CVE•added 2002/06/25 4:0 a.m.•38 views

CVE-2001-0940

Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.

7.5CVSS8.5AI score0.08459EPSS

CVE•added 2002/04/01 5:0 a.m.•38 views

CVE-2001-1171

Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy.

7.2CVSS7AI score0.00046EPSS

CVE•added 2001/01/22 5:0 a.m.•37 views

CVE-2000-0807

The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."

7.5CVSS6.9AI score0.00856EPSS

CVE•added 2000/12/11 5:0 a.m.•37 views

CVE-2000-1037

Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.

7.5CVSS7.2AI score0.09143EPSS

CVE•added 2002/06/25 4:0 a.m.•37 views

CVE-2001-1158

Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.

7.5CVSS6.9AI score0.04823EPSS

CVE•added 2002/06/25 4:0 a.m.•36 views

CVE-2001-1176

Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.

7.5CVSS7.6AI score0.02313EPSS

CVE•added 2002/03/09 5:0 a.m.•35 views

CVE-1999-1204

Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.

7.5CVSS7.3AI score0.0057EPSS

CVE•added 2001/01/22 5:0 a.m.•35 views

CVE-2000-0805

Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."

7.5CVSS6.6AI score0.00552EPSS

CVE•added 2001/02/12 5:0 a.m.•33 views

CVE-2001-0082

Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets.

7.5CVSS7.2AI score0.02711EPSS

CVE•added 2002/08/12 4:0 a.m.•32 views

CVE-2002-0428

Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.

7.5CVSS6.9AI score0.00585EPSS